Mostly we deliver non-standard, tailored solutions for demanding customers. Our services include targeted security research of: browsers, client-server applications, operating systems and various devices (mobile, IT/OT/IoT). We develop custom software for our customers for both offensive and defensive purposes.
Sample security bugs in popular software identified by our core team:
- CVE-2015-2487 / ZDI-15-420 – Microsoft Internet Explorer Embedded Windows Media Player Use-After-Free Remote Code Execution (MS15-094)
- CVE-2015-3680 / ZDI-15-284 – Apple OS X DFont FOND Memory Corruption Remote Code Execution
- CVE-2015-3679 / ZDI-15-287 – Apple OS X morx nSubtables Memory Corruption Remote Code Execution
- CVE-2015-0036 / ZDI-15-019 – Microsoft Internet Explorer CShadow Direction Integer Overflow Remote Code Execution (MS15-009)
- Hopper Disassembler 2.8.7 / 3.6.2 Mach-O Handling Buffer Overflow
- CVE-2014-3788 – Cogent DataHub Heap Buffer Overflow Remote Code Execution
- CVE-2014-0256 – Microsoft iSCSI Target Remote Denial of Service (MS14-028)
- CVE-2014-0255 – Microsoft iSCSI Target Remote Denial of Service (MS14-028)
- CVE-2014-1449 – Maxthon Cloud Browser for Android 188.8.131.520 Address Bar Spoofing
- ZDI-13-252 – Cogent DataHub Heap Overflow Remote Code Execution
- CVE-2012-4399 – CakePHP 2.x XXE injection
- CVE-2014-1695 – OTRS Cross-Site Scripting (XSS)
- CVE-2015-2149 – MyBB multiple Stored Cross-Site Scripting (XSS)
Targeted security research
Our vast experience in identifying security vulnerabilities is confirmed by acknowledgments by such companies as Apple, Google or Microsoft. Apart from that we have experience working as security researchers. Due to the nature of this work most of it is not public and only some of those are confirmed with CVE identifiers. We have identified multiple vulnerabilities in top browsers, server applications, web/mobile applications, embedded devices and operating systems.
Many of the bugs identified by us were found by using fuzzing. We have several years of experience in creating dedicated fuzzing software that is used for identified so called 0-day vulnerabilities and are able to provide custom solutions to our customers. The fuzzer can for example target specific software, module or a network protocol. We can also help with optimizing already existing solutions that are based on popular public fuzzing solutions such as American Fuzzy Lop (AFL) or Peach Fuzzer.
Other non standard IT Security Services
Thanks to our broad experience in the cybersecurity field, we can offer many non standard offensive and defensive services. In case a service was not listed on the website or you have some special requirements feel free to contact us.